SB2017082326 - Fedora 26 update for groovy18
Published: August 23, 2017 Updated: April 24, 2025
Security Bulletin ID
SB2017082326
CSH Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Arbitrary code execution (CVE-ID: CVE-2015-3253)
CWE-ID: CWE-502 - Deserialization of Untrusted Data
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness exists due to improper serialization of runtime/MethodClosure.java. By sending a specially crafted serialized objects attackers can trigger arbitrary code to be executed.
Successful explotation of the vulmerability results in arbitrary code execution or denial of service on the vulnerable system.
Remediation
Install update from vendor's website.